What is .htaccess? Using .htaccess files How do I password protect my directories? First, you will be creating a text file named .htaccess for uploading to the directory you want to protect. Note these important points: (1) The AuthName variable must be one word in quotes, otherwise it will cause an error. (2) Many of the commands, such as GET and POST must be in all CAPS. More detailed information follows. AuthUserFile /home/username/.passwd AuthGroupFile /home/username/.group AuthName "Protected" AuthType Basic <Limit GET POST> require group groupname require user username, username2, username3 </Limit> Second you need to email support@novahosting.com to install the webmister program on your domain. The webmister program is an online web-based application that manages the usernames and passwords for your .htaccess files. There is a small installation fee and no monthly charge. Important Note: Do not edit the .htaccess file if you are using MS Frontpage! Frontpage uses an .htaccess file and editing it may cause errors in your configuration. The .htaccess file can be placed in one or more of your home/username/domainname-www subdirectories. Among other things, this file can be used to restrict access to other files and web pages. How .htaccess Works When a request for a web page is made, the web server first checks for an .htaccess file. The server begins this check by looking for .htaccess in the root of the current web directory, and on down the directory tree until it reaches the the directory where the requested file resides. Since the placement of the .htaccess file determines when it is executed, this fact can be used to restrict access only in certain subdirectories. Functions Restrict access to directories using passwords. Redirect hits onto another webpage. Control and set the messages generated for various error conditions. Edit Mime-types. Activate and deactivate various server features. To create an .htaccess file, make a text file as described below and upload it as ".htaccess." Except for the first function, these will only work for an .htaccess file placed in domain-www. Add whichever functions you want to the same file. Restricting Access: Password Protection The directory you want protected must have an .htaccess file in it that looks like the following. Comments are added here, but do not put the comments in the actual .htaccess file: AuthUserFile /home/username/.passwd AuthGroupFile /home/username/.group AuthName Protected AuthType Basic <Limit GET> require group Subscribers #require user username </Limit> #file where usernames and passwords are stored #file where group information is stored #name of protected area--appears at password prompt   #Subscribers is the group of users for the directory. #if there is only one user in the group, you can substitute the line that is immediately above </Limit> on the left. Groups and users are stored in the .group file, and passwords are stored in .passwd. The .htaccess file looks for these files in the /home/username/ directory. Do not attempt to edit these manually! NOVA Hosting has a special script you can use to manage your .group and .passwd files (the "webmister" script). Redirects Redirecting allows you to send the user to, for example, new.html when they attempt to access old.html. To see this example in practice, simply add the following line to the .htaccess file: Redirect /directoryname/old.html http://yourdomainname/directoryname/new.html Apache has a nice FAQ on redirects. Error Documents There are two main styles of error messages you may encounter. The first is the standard form, which looks something like:          File Not found                         The requested URL domainname/filenamme.html was not found on this server. The second type comes in a variety of forms, but is customized by the webmaster. For example:                          Sorry We're sorry, but the requested URL does not exist. Please e-mail support@domain.com if you need further assistance. Such messages are called error documents and are web pages designed to explain error conditions. These error conditions generate numbers which are used to refer to the appropriate error condition. Some of the most common messages are as follows: Error in Client 400 Bad syntax 401 Unauthorized 402 Not Used (Payment Granted) 403 Forbidden 404 Not Found Error in Server 500 Internal Error 501 Not Implemented 502 Overloaded 503 Gateway Timeout How to Customize Error Messages for Your Site First, create the HTML page you want to use as your error message. Upload it to your www directory. Next, go into your .htaccess file (or create one) and add lines which specify the substitution. Here are three examples of specifying error documents which will be called for a given error condition. Note: You can use relative or absolute addressing. ErrorDocument 401 http://domain.com/nopasswd.html ErrorDocument 403 /forbidden.html ErrorDocument 404 http://www.domain.com/nofile.html Mime Types You can add mime types to your .htaccess file with a line like: AddType text/html .txt   Back to Main Support Page